Vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these vulnerabilities to access data from other applets. (CVE-2006-6736, CVE-2006-6737)

Serialization flaws were discovered in the Java Runtime Environment. An untrusted applet or application could use these flaws to elevate its privileges. (CVE-2006-6745)

Buffer overflow vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these flaws to elevate its privileges, possibly reading and writing local files or executing local applications. (CVE-2006-6731)

Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. (CVE-2006-4339)
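The missing check described above, shown as an added example that is not part of the original advisory or of any vendor's code: a lax parser that stops after the hash beside a strict verifier that compares the whole block. Both operate on the already-exponentiated block; SHA-1, the 256-byte block size, the function names and the sample blocks are assumptions constructed for illustration.

```python
import hashlib

# DER DigestInfo prefix for SHA-1, as defined for PKCS #1 v1.5 (RFC 8017).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
MESSAGE = b"constructed sample message"   # constructed input

def expected_em(message: bytes, k: int) -> bytes:
    """The single valid k-byte encoding: 00 01 FF..FF 00 DigestInfo||hash."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:                     # at least 8 bytes of FF padding
        raise ValueError("block too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_strict(em: bytes, message: bytes) -> bool:
    """Rebuild the expected block and compare every byte, so nothing can trail."""
    try:
        return em == expected_em(message, len(em))
    except ValueError:
        return False

def verify_lax(em: bytes, message: bytes) -> bool:
    """Flawed check: parses left to right and stops after the hash."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    if em[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    # Defect: bytes after em[i + 20] are never examined.
    return em[i:i + 20] == hashlib.sha1(message).digest()

def sample_blocks(k: int = 256):
    """Constructed blocks: a well-formed one and one with excess trailing data."""
    good = expected_em(MESSAGE, k)
    t = SHA1_PREFIX + hashlib.sha1(MESSAGE).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return good, head + b"\xaa" * (k - len(head))

if __name__ == "__main__":
    good, excess = sample_blocks()
    for name, em in (("well-formed", good), ("excess data", excess)):
        print(name, "strict:", verify_strict(em, MESSAGE), "lax:", verify_lax(em, MESSAGE))
```

The strict form needs no parsing at all, which is why rebuilding the expected encoding and comparing is the recommended way to verify PKCS #1 v1.5 signatures.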

All users of java-1.4.2-ibm should upgrade to these updated packages, which contain IBM's 1.4.2 SR7 Java release which resolves these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.